- Go to Settings > Scheduler to open the Job Scheduler page.
- In the left navigation panel, click Asset Group Scans.
-
Click Create Scan Job.
The Schedule New Job dialog box opens.
- Enter the name and description for the job. The description is optional, but it is a best practice to provide this information so that others can easily understand what it does.
- Select Sensor as the source for your new job.
- In the Action Type field, select Asset Scanner. Depending on the USM Anywhere Sensor that you have installed, this field can include different options.
- Select a USM Anywhere sensor in case you have more than one installed.
-
Select the App Action:
Asset Discovery
Discovers assets in your environment, detects changes in assets, and discovers assets in the network.- Select Existing Asset Group: In the Enter asset group name field, search for the asset groups to scan. These asset groups are already existing, and you can search for them by entering the name of the asset group or by browsing for them.
-
Create New Asset Group to Scan Using CIDR Block: You can create a new asset group from a block. You need to indicate the CIDR block and the network name you want to scan. This option discovers new assets and scans the discovered assets.
Important: Use the Create New Asset Group to Scan Using CIDR Block option for creating new CIDR-based asset groups without leaving the scheduler form. After clicking Save, a new asset group based on the selected CIDR is created.Your scan job will have the Select Existing Asset Group option selected and the CIDR-based asset group assigned automatically.Important: Make sure when you use a virtual private network (VPN) using a Cisco Firewall, that arp-proxy is enabled in the . Otherwise, all the assets will be reported using the same media access control (MAC) address, and USM Anywhere will consider all of them to be different interfaces for the same asset.
Asset Group Scan
Discovers services, , , IP and , and vulnerabilities of known .The Asset Group field displays the name of the asset group to scan. You can’t modify this field. - In the App Action field, the Asset Group Scan is the default option.
-
Select the scan profile that you want to run:
- Discovery: This profile scans the known ports and services searching for the most-used ports. (There are 457 ports.)
- Complete: This profile scans all TCP and ports to find the possible ports in a . (There are 65535 ports.)
- Vulnerability Discovery: Performs general network discovery and checks for specific known vulnerabilities. It only reports results if they are found.
- Extended Vulnerability Discovery: Performs a Discovery scan, which actively discovers more about the network.
- Intensive Vulnerability Discovery: Performs several tasks to discover vulnerabilities, which uses a significant number of resources on the targeted machine. Because of this, sensitive targets may perceive a brief disruption on their services.
- (Optional) Select the assets you want to exclude from the scan.
-
Select Set Debug Mode if you want to log the results of the scan or if you have a problem with a scan.
This option is disabled by default.
Note: The Set Debug Mode option must be used only for debugging purposes because it needs a large amount of disk space for the file or files that it generates. Only LevelBlue Technical Support should review these files. You can contact this department for more information.
-
In the Schedule section, specify when USM Anywhere runs the job:
a. Select the increment as Minute, Hour, Day, Week, Month, or Year.
b. Set the interval options for the increment. The selected increment determines the available options. For example, on a weekly increment, you can select the days of the week to run the job.Warning: After a frequency change, monitor the system to check its performance. For example, you can check the system load and CPU. See USM Anywhere System Monitor for more information.Or on a monthly increment, you can specify a date or a day of the week that occurs within the month.
c. Set the start time. This is the time that the job starts at the specified interval. It uses the time zone configured for your USM Anywhere instance (the default is Coordinated Universal Time [UTC]).Important: USM Anywhere restarts the schedule on the first day of the month if the option “Every x days” is selected. - Click Save. The job now displays in the job scheduler list.
- Go to Settings > Scheduler to open the Job Scheduler page.
- In the left navigation panel, click Asset Group Scans.
- Click Create Scan Job.
-
The Schedule New Job dialog box opens.
- Enter the name and description for the job. The description is optional, but it is a best practice to provide this information so that others can easily understand what it does.
- Select Sensor as the source for your new job.
- In the Action Type field, select Authenticated Asset Scanner.
- Select a sensor in case you have more than one installed.
- In the App Action field, Asset Group Scan is the default option.
- In the Asset Group field, you can either enter the asset group name or browse asset groups.
-
In the Schedule section, specify when USM Anywhere runs the job:
a. Select the increment as Minute, Hour, Day, Week, Month, or Year.
b. Set the interval options for the increment. The selected increment determines the available options. For example, on a weekly increment, you can select the days of the week to run the job.Warning: After a frequency change, monitor the system to check its performance. For example, you can check the system load and CPU. See USM Anywhere System Monitor for more information.Or on a monthly increment, you can specify a date or a day of the week that occurs within the month.c. Set the start time. This is the time that the job starts at the specified interval. It uses the time zone configured for your USM Anywhere instance (the default is Coordinated Universal Time [UTC]).Important: USM Anywhere restarts the schedule on the first day of the month if the option “Every x days” is selected.
- Click Save. The job now displays in the job scheduler list.